Thursday, November 3, 2011

Security Onion 20111103 now available!

Security Onion 20111103 is now available! This resolves the following issues:
Issue 138 - Time for a new ISO image
Issue 136 - Setup script should automatically set OS timezone to UTC
Issue 137 - Bro 2.0 Beta

Please note that Bro 2.0 Beta installs to /usr/local/bro/.

For more information about Bro 2.0 Beta, please see:

New Users
New users can download and install the new 20111103 ISO image using the instructions here.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L > ~/ && bash ~/"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).
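As an added example (not code from this post or from the Security Onion project), here is a POSIX shell script with two post-upgrade sanity checks that follow from the notes above: whether the host's timezone really is UTC (Issue 136), and which `bro` binary a given PATH resolves to, now that the 2.0 Beta lives under /usr/local/bro/ beside the existing install. The helper names `tz_is_utc`, `resolve_bro` and `make_demo_layout`, and the stub directory layout they use, are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the Security Onion post: two post-upgrade
# sanity checks. The UTC requirement (Issue 136) and the install prefixes
# (/usr/local/bin for the existing Bro, /usr/local/bro/bin for the 2.0 Beta)
# come from the post; the helper functions and the demo layout are constructed.

# Return 0 if timestamps render with a +0000 offset, i.e. the zone is UTC.
# With an argument, that TZ value is checked; without one, the running
# system's zone is checked. Sensors that log in local time make cross-host
# event correlation painful, which is why the setup script now forces UTC.
tz_is_utc() {
    if [ -n "$1" ]; then
        offset=$(TZ="$1" date +%z)
    else
        offset=$(date +%z)
    fi
    [ "$offset" = "+0000" ]
}

# Print the first executable named "bro" on the colon-separated search path
# given as $1 (default: $PATH) and return 0; return 1 if none is found.
# A bare "bro" keeps resolving to whichever install is first on PATH, so
# this shows which version a shell command actually runs.
resolve_bro() {
    search="${1:-$PATH}"
    old_ifs=$IFS
    IFS=:
    for dir in $search; do
        if [ -x "$dir/bro" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/bro"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Build a constructed directory tree under a temp dir that mimics the two
# prefixes, with stub "bro" scripts standing in for the real binaries.
# Prints the temp root so callers can clean it up afterwards.
make_demo_layout() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/local/bin" "$root/usr/local/bro/bin"
    printf '#!/bin/sh\necho "bro 1.5.1 (stub)"\n' > "$root/usr/local/bin/bro"
    printf '#!/bin/sh\necho "bro 2.0-beta (stub)"\n' > "$root/usr/local/bro/bin/bro"
    chmod +x "$root/usr/local/bin/bro" "$root/usr/local/bro/bin/bro"
    printf '%s\n' "$root"
}

# Report on the live system when the script is run directly.
if tz_is_utc; then
    echo "timezone: UTC (ok)"
else
    echo "timezone: offset $(date +%z), not UTC (see Issue 136)"
fi
if bro_bin=$(resolve_bro); then
    echo "bro on PATH: $bro_bin"
else
    echo "no bro on PATH; the 2.0 Beta is under /usr/local/bro/bin"
fi
```

Running `resolve_bro "/usr/local/bro/bin:$PATH"` on a real sensor shows what you would get by prepending the 2.0 Beta prefix, without changing the shell's PATH.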

[Screenshot: Upgrade Process]

[Screenshot: Completing Upgrade]

[Screenshot: Bro 2.0 Beta in /usr/local/bro/bin/bro]


Anonymous said...

Thanks for bringing bro on to the onion.

Small nitpick:

Isn't it better to put bro under /usr/local/bin/bro instead of /usr/local/bro/bin/bro?

Doug Burks said...

Hi Anonymous,

Security Onion already had Bro 1.5.1 and it was installed to /usr/local/bin/bro. I wanted to keep 1.5.1 in place for now and install Bro 2.0 Beta in a separate location, so I kept the 2.0 Beta default installation prefix of /usr/local/bro/.


Anonymous said...


In bro 2.0 Beta:

sudo ./bro -ieth0 tcp
error: can't open tcp

sudo ./bro -ieth0 smtp
error: can't open smtp

Best Regards,

Doug Burks said...

Hi Alfred,

Are you trying to load the smtp policy file? Isn't it loaded by default?


vik said...

Hi, excellent work you have done. I was wondering which tools are used for testing the IDS; I currently use idswakeup and tcpreplay. If you happen to know how to set up the Sguil client on Windows 7, please let me know.


Doug Burks said...

Hi Vik,

Thanks for your kind words!

I usually use tcpreplay for testing.

For running Sguil on Windows 7, I recommend running Security Onion in a VM. This gives you not only Sguil, but also Wireshark, Bro, Argus, and many other analysis tools.